<?php
/**
 * Geneone: Content Management Framework
 * Lost Password
 *
 * http://geneone.neondragon.net/
 *
 * @package Geneone
 * @author Khlo
 * @version 1.0
 * @copyright 2004-2006 Geneone Development Team
 */
 
class Gene_Special_Password {
	/**
	 * Default Action
	 */
	function main() {
		$tpl =& Gene::getTemplate();
		$db =& Gene::getDatabase();
		$tpl->assign ("pagetitle", "Lost Password");
		
		if ($_SERVER['REQUEST_METHOD'] == 'POST') {
			$loginname = Gene_Request::getString("loginname", GENE_REQUEST_POST);
			if ($user = Gene_User::fromPublicName($loginname)) {
				$email = $user->getEmail();
				
				// Generate confirmation key
				// We use crc32 because it is a bit easier to type than md5
				srand((double)microtime()*1000000);
				$key = sprintf("%u", crc32(time().$email.Gene::getSetting("gene_name").rand(0,30000)));
				$db->extended->autoExecute(
					Gene::tableName("user_lostpw"),
					array(
						"email" => $email,
						"confirm_key" => $key,
						"timestamp" => time(),
					),
					MDB2_AUTOQUERY_INSERT
				);
				
				$baseurl = Gene::makeLink(Gene::specialID("Password"))."/confirm";
				$urlbits = parse_url($baseurl);
				if (isset($urlbits['query'])) {
					$url = $baseurl."&loginname=".$email."&confirmcode=".$key;
				} else {
					$url = $baseurl."?loginname=".$email."&confirmcode=".$key;
				}
						
				$message = "This email is being sent to you by ".Gene::getSetting("gene_name")." because someone requested the password for your account be reset.\r\nIf you feel you received this email in error, please disregard it.\r\n\r\nTo confirm you want to reset your password, please copy and paste the following address in to your web browser:\r\n".$url."\r\n\r\nAlternatively, return to ".Gene::getSetting("gene_name")." and enter the following details on the lost password page:\r\n\r\nLogin Name: ".$email."\r\nConfirmation Code: ".$key."\r\n\r\nPlease confirm this password reset within 7 days - otherwise the request will be deleted.";
				
				Gene::sendEmail($email, Gene::getSetting("gene_name")." - Lost Password", $message);
				
				$tpl->assign ("success", true);
				$tpl->assign("finalbody", $tpl->fetch("special/passwordconfirm"));
			} else {
				$tpl->assign ("errormsg", "The user you specified does not exist.");
				$tpl->assign("finalbody", $tpl->fetch("special/password"));
			}
		} else {
			$tpl->assign("finalbody", $tpl->fetch("special/password"));
		}
	}
	
	/**
	 * Confirm password change request
	 */
	function confirm() {
		$tpl =& Gene::getTemplate();
		$db =& Gene::getDatabase();
		
		$email = Gene_Request::getEmail("loginname", GENE_REQUEST_POST | GENE_REQUEST_GET);
		
		if ($_SERVER['REQUEST_METHOD'] == 'POST' OR $email) {
			$code = Gene_Request::getString("confirmcode", GENE_REQUEST_POST | GENE_REQUEST_GET);
			$step = Gene_Request::getInteger("step", GENE_REQUEST_POST);
			
			if ($email && $code) {
				$q = $db->prepare("SELECT * FROM ".Gene::tableName("user_lostpw")." WHERE confirm_key=? AND email=?");
				$res = $q->execute(array($code, $email));
				if ($row = $res->fetchRow()) {
					$res->free();
					$tpl->assign ("email", $email);
					$tpl->assign ("code", $code);
					
					$user = Gene_User::fromPublicName($email);
					$userinfo = $user->getInfo();
					$tpl->assign ("publicname", $userinfo['name']);
						
					if ($step == 2) {
						$password = Gene_Request::getString("password", GENE_REQUEST_POST);
						$password2 = Gene_Request::getString("password2", GENE_REQUEST_POST);
						
						if ($password && $password2 && $password == $password2) {
							$user->setPassword($password);
							$tpl->assign ("success", true);
							
							/* Garbage Collection */
							$q = $db->prepare("DELETE FROM ".Gene::tableName("user_lostpw")." WHERE timestamp < ? OR email=?");
							$q->execute(array(time()-604800, $email));
						} else {
							$tpl->assign ("errormsg", "The passwords you entered did not match.");
						}
						$tpl->assign("finalbody", $tpl->fetch("special/passwordconfirm2"));
					} else {
						$tpl->assign("finalbody", $tpl->fetch("special/passwordconfirm2"));
					}
				} else {
					$tpl->assign ("errormsg", "Invalid Confirmation Code. Your password change request may have expired.");
					$tpl->assign ("finalbody", $tpl->fetch("special/passwordconfirm"));
				}
			} else {
				$tpl->assign ("errormsg", "Invalid Confirmation Code. Your password change request may have expired.");
				$tpl->assign ("finalbody", $tpl->fetch("special/passwordconfirm"));
			}
		} else {
			$tpl->assign("finalbody", $tpl->fetch("special/passwordconfirm"));
		}
	}
}

?>